Tailscale on XE3000 to route all traffic through remote MT3000 running Tailscale

Tailscale running on XE3000 to route all traffic through remote MT3000 running Tailscale, so when I am on the road in my RV all my streaming services think I am still at home. I have enabled Tailscale on both devices and now need to know how to get all the RV traffic to go through the Tailscale tunnel to my home router.

Currently GL-UI does not support this function, but you can try the following steps to configure it. I have verified in my environment that it can work.

  1. Modify the /usr/bin/gl_tailscale file on mt3000

Note: 192.168.8.0/24 is the LAN IP address of the xe3000

--- a/usr/bin/gl_tailscale
+++ b/usr/bin/gl_tailscale
@@ -133,8 +133,17 @@ if [ "$action" == "restart" ];then
                        add_route_local $wwan_ip "wwan"
                fi
 
-               /usr/sbin/tailscale up --reset --accept-routes $param --timeout 3s > /dev/null
+               while [ -n "$(ip rule show priority 1)" ]
+               do
+                       ip rule del priority 1
+               done
+               ip rule add from all to 192.168.8.0/24 lookup 55 priority 1  # 192.168.8.0/24 is your xe3000 lan ip
+               /usr/sbin/tailscale up --advertise-exit-node --reset --accept-routes $param --timeout 3s > /dev/null
     else
+               while [ -n "$(ip rule show priority 1)" ]
+               do
+                       ip rule del priority 1
+               done
                /etc/init.d/tailscale stop
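
Review bot: the `while [ -n "$(ip rule show priority 1)" ]` loops in both branches select rules by priority alone, so they remove every rule at priority 1, including any that something other than this script installed, and they never terminate if `ip rule del priority 1` fails while a rule is still listed. Deleting the exact rule (`ip rule del from all to 192.168.8.0/24 lookup 55 priority 1`) and leaving the loop on a non-zero exit status would keep the cleanup scoped to what the add line creates.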


  2. Setting Custom Exit Nodes on xe3000

Note: Custom Exit Nodes is the mt3000 Tailscale virtual IP


I’m assuming that you don’t have a public IP address at home which is why you are using Tailscale? I do the same thing you are doing but using vanilla WireGuard. It was very simple to set up.

EDIT: Just noticed you are going router to router, so not sure this will work, as you need access to a ZeroTier client doing it this way.

You seem to be able to do this easily with ZeroTier.

Just add

0.0.0.0/0 via YOURZEROTIERIP

to the managed routes, and make sure there is no other VPN running on the router.

And in the ZeroTier app, check route all traffic through the ZeroTier network.

I’m using firmware version 4.4.5 and the gl_tailscale file seems to be different than the one you are showing a section of above. Notice I had already added the advertise exit nodes before I posted this question but that was not enough to get it to work. Maybe you can attach/paste your entire gl_tailscale file? I see in your screenshots you are also using 4.4.5 but the section of your file looks different.

            fi                                                                                                      
                                                                                                                    
            if [ -n "$routes" ]; then                                                                               
                    param="--advertise-routes=$routes"                                                              
            else                                                                                                    
                    param=""                                                                                        
            fi                                                                                                      
                                                                                                                    
            if [ -n "$exit_node_ip" ];then                                                                          
                    param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"                           
            fi                                                                                                      
                                                                                                                    
            if [ -n "$lan_ip" ]; then                                                                               
                    add_route_local $lan_ip "lan"                                                                   
            fi                                                                                                      
                                                                                                                    
            if [ -n "$wan_ip" ]; then                                                                               
                    add_route_local $wan_ip "wan"                                                                   
            fi                                                                                                      
                                                                                                                    
            if [ -n "$secondwan_ip" ]; then                                                                         
                    add_route_local $secondwan_ip "secondwan"                                                       
            fi                                                                                                      
                                                                                                                    
            if [ -n "$wwan_ip" ]; then                                                                              
                    add_route_local $wwan_ip "wwan"                                                                 
            fi                                                                                                      
                                                                                                                    
            guest_disable=$(uci -q get network.guest.disabled)                                                      
            if [ -n "$exit_node_ip" ] && [ "$guest_disable" == "0" ]; then                                          
                    add_guest_policy_route                                                                          
            fi                                                                                                                                                                                                                     
            /usr/sbin/tailscale up --advertise-exit-node --reset --accept-routes $param --timeout 3s > /dev/null    
else                                                                                                                
            /etc/init.d/tailscale stop                                                                              
fi                                                                                                                  

fi

  • /usr/bin/gl_tailscale 178/178 100%

I will look into this if I can’t get Tailscale working. Thank you for the suggestion.

I might be able to use this option but I felt that Tailscale would be a more secure option due to not having to expose any ports.

            fi                                                                                                      
                                                                                                                    
            if [ -n "$routes" ]; then                                                                               
                    param="--advertise-routes=$routes"                                                              
            else                                                                                                    
                    param=""                                                                                        
            fi                                                                                                      
                                                                                                                    
            if [ -n "$exit_node_ip" ];then                                                                          
                    param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"                           
            fi                                                                                                      
                                                                                                                    
            if [ -n "$lan_ip" ]; then                                                                               
                    add_route_local $lan_ip "lan"                                                                   
            fi                                                                                                      
                                                                                                                    
            if [ -n "$wan_ip" ]; then                                                                               
                    add_route_local $wan_ip "wan"                                                                   
            fi                                                                                                      
                                                                                                                    
            if [ -n "$secondwan_ip" ]; then                                                                         
                    add_route_local $secondwan_ip "secondwan"                                                       
            fi                                                                                                      
                                                                                                                    
            if [ -n "$wwan_ip" ]; then                                                                              
                    add_route_local $wwan_ip "wwan"                                                                 
            fi                                                                                                      
                                                                                                                    
            guest_disable=$(uci -q get network.guest.disabled)                                                      
            if [ -n "$exit_node_ip" ] && [ "$guest_disable" == "0" ]; then                                          
                    add_guest_policy_route                                                                          
            fi

+          while [ -n "$(ip rule show priority 1)" ]
+          do
+                   ip rule del priority 1
+          done
+          ip rule add from all to 192.168.8.0/24 lookup 55 priority 1  # 192.168.8.0/24 is your xe3000 lan ip                                                                                                                                                                                                                     
            /usr/sbin/tailscale up --advertise-exit-node --reset --accept-routes $param --timeout 3s > /dev/null    
else
+          while [ -n "$(ip rule show priority 1)" ]
+          do
+                   ip rule del priority 1
+          done                                                                                                                
            /etc/init.d/tailscale stop                                                                              
fi     
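
Review bot: `192.168.8.0/24` on the added `ip rule add` line is a hard-coded literal, while the surrounding script takes `$routes`, `$lan_ip` and `$exit_node_ip` from configuration, so every user has to hand-edit the file and a mismatch with the real remote LAN goes unnoticed. A variable set once and checked for empty before the rule is added would fit the rest of the script. The exit status of `ip rule add` is also not checked and `tailscale up` writes to `/dev/null`, so a failed rule insert is silent; logging the failure would make a broken setup easier to diagnose.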

Does the LAN IP on the XE3000 need to be different than the LAN IP on the MT3000?

I ask because all my GL.iNet devices have the 192.168.8.x.

I appreciate the help. This will be very useful for RVers.

Yes, the LAN IP of both cannot be the same.

How do I know if I have success? My WAN IP on the XE3000 has not changed (checking it at https://icanhazip.com/). Also, if I go to speedtest.net it still shows me as being on my cell provider, not my home cable modem provider. I can ping 192.168.8.1 and 192.168.7.1 from the MT3000 (it is 192.168.7.0/24) but I cannot ping 192.168.7.1 from the XE3000 (192.168.8.0/24).

This is from my gl_tailscale; pretty sure I got it right:

            guest_disable=$(uci -q get network.guest.disabled)                                                      
            if [ -n "$exit_node_ip" ] && [ "$guest_disable" == "0" ]; then                                          
                    add_guest_policy_route                                                                          
            fi                                                                                                      
                                                                                                                    
            while [ -n "$(ip rule show priority 1)" ]                                                               
            do                                                                                                      
                    ip rule del priority 1                                                                          
            done                                                                                                    
            ip rule add from all to 192.168.8.0/24 lookup 55 priority 1  # 192.168.8.0/24 is your xe3000 lan ip     
                                                                                                                    
            /usr/sbin/tailscale up --advertise-exit-node --reset --accept-routes $param --timeout 3s > /dev/null    
else                                                                                                                
            while [ -n "$(ip rule show priority 1)" ]                                                               
            do                                                                                                      
                    ip rule del priority 1                                                                          
            done                                                                                                    
            /etc/init.d/tailscale stop                                                                              
fi                                                                                                                  

fi

  • /usr/bin/gl_tailscale 186/187 99%

Use traceroute on an xe3000 client (phone, PC or smart TV in the RV).

You can see that the next hop is the mt3000’s Tailscale virtual IP, then the mt3000’s WAN, and then the internet …
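
The traceroute check described above, written as a script; this is an added example, not part of the original post or GL.iNet's code. It assumes `traceroute -n` output captured on a client behind the xe3000, and the function names and all addresses in the samples are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample addresses are constructed.

# True if $1 is an IPv4 address inside 100.64.0.0/10, the range Tailscale
# assigns node addresses from.
is_tailscale_ip() {
    case "$1" in *.*.*.*) ;; *) return 1 ;; esac
    o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
    case "$o1.$o2" in .*|*.|*[!0-9.]*) return 1 ;; esac
    [ "$o1" -eq 100 ] && [ "$o2" -ge 64 ] && [ "$o2" -le 127 ]
}

# Reads `traceroute -n` output on stdin.
#   $1 = LAN IP of the local router (xe3000)
#   $2 = Tailscale IP of the exit node (mt3000)
# Prints one verdict: via-exit-node, wrong-tailscale-hop, leak or unknown.
check_exit_path() {
    lan_gw=$1; exit_ip=$2
    # First hop line after the local gateway; the header line has no hop number.
    hop=$(awk -v gw="$lan_gw" '$1 ~ /^[0-9]+$/ { if ($2 == gw) next; print $2; exit }')
    if [ -z "$hop" ] || [ "$hop" = "*" ]; then
        echo unknown                # no reply from that hop: cannot tell
    elif [ "$hop" = "$exit_ip" ]; then
        echo via-exit-node          # traffic enters the tunnel towards the mt3000
    elif is_tailscale_ip "$hop"; then
        echo wrong-tailscale-hop    # tunnelled, but through another tailnet node
    else
        echo leak                   # traffic leaves directly over the local WAN
    fi
}

# Constructed sample: traffic goes through the exit node, then the home router.
SAMPLE_TUNNELLED='traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  192.168.8.1  1.102 ms  0.954 ms  0.911 ms
 2  100.101.102.103  48.310 ms  47.862 ms  49.004 ms
 3  10.0.0.1  52.118 ms  51.730 ms  52.902 ms'

# Constructed sample: traffic leaves over the cellular WAN instead.
SAMPLE_LEAK='traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  192.168.8.1  1.087 ms  0.990 ms  0.935 ms
 2  192.0.2.1  31.554 ms  29.871 ms  30.420 ms
 3  198.51.100.9  35.009 ms  34.216 ms  36.127 ms'

printf '%s\n' "$SAMPLE_TUNNELLED" | check_exit_path 192.168.8.1 100.101.102.103
printf '%s\n' "$SAMPLE_LEAK" | check_exit_path 192.168.8.1 100.101.102.103
```

A `leak` verdict matches the symptom reported in this thread, where the public IP check still shows the cellular provider.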

That’s not happening for mine. I have double checked all the settings on both devices and the Tailscale admin panel. Wonder what’s wrong.

I see I have GoodCloud enabled. Can that be on at the same time as Tailscale?

It seems as if the XE3000 is not routing its traffic through the MT3000. My speed tests have gone to nearly zero though so something is different. (Correction, speed tests are normal again now) Yours is working with the same firmware as mine? XE3000 is on the latest beta firmware and the MT3000 is on 4.4.5

I can reach the admin page for the XE3000 when using the MT3000 WiFi but I cannot reach the MT3000 admin page when using the XE3000 WiFi.

mt3000 is using latest snapshot
https://dl.gl-inet.com/?model=mt3000&type=snapshot

xe3000 is using latest beta
https://dl.gl-inet.com/?model=xe3000&type=beta

Is there a log for Tailscale on the MT3000 and XE3000? Maybe I can find what’s causing my problems. I assume MT3000 4.4.5 stable should work and snapshot isn’t needed?

I installed the snapshot. Added the changes to the gl_tailscale. Still not working. I even unbound both routers and did a rebind. The Tailscale site seems to think everything is good but the xe3000 is not routing through the mt3000. When checking what my IP is it always shows the WAN IP from the cellular interface instead of the IP of my home network WAN. I cannot ping the 192.168.7.1 of the mt3000 or the 10.0.0.1 LAN IP of my home internet router but they are listed as subnet routes for the mt3000. I’m happy to give you GoodCloud access to both devices if you think you can help get this working.

I can try if you can give your GoodCloud access to me.

This has worked for me, thanks very much!

However, speed is quite slow. I cannot seem to get a direct connection; it only works via the Tailscale relay. Does anyone know any way to achieve a direct connection? Do I need to open specific ports?

For context, I am using a 5G SIM behind CGNAT. Is it even possible to achieve a direct connection?